
Researchers Discover 110 Snooping Tor Nodes (helpnetsecurity.com) 45

Reader Orome1 writes: In a period spanning 72 days, two researchers from Northeastern University have discovered at least 110 "misbehaving" and potentially malicious hidden services directories (HSDirs) on the Tor anonymity network. "Tor's security and anonymity is based on the assumption that the large majority of its relays are honest and do not misbehave. Particularly the privacy of the hidden services is dependent on the honest operation of hidden services directories (HSDirs)," Professor Guevara Noubir and Ph.D. student Amirali Sanatinia explained. "Bad" HSDirs can be used for a variety of attacks on hidden services: from DoS attacks to snooping on them.

  • by Anonymous Coward on Monday July 25, 2016 @01:46PM (#52577029)

    I asked on the Tor forum how one can run a directory server, and the response was basically -- "you can't -- only people chosen *specifically* by the Tor project can host a directory server".

    Apparently this is *not* true, so what's the real deal, and *why* did they tell me this?

  • NSA owns a couple of those.

  • Tor's fatal flaw (Score:4, Insightful)

    by fustakrakich ( 1673220 ) on Monday July 25, 2016 @02:17PM (#52577237) Journal

    You can't trust anybody, not even Tor. I'm afraid this one looks like a lost cause. I wouldn't use the damn thing.

    • by raymorris ( 2726007 ) on Monday July 25, 2016 @02:58PM (#52577519) Journal

      > You can't trust anybody, not even Tor.

      IMHO, I especially don't trust Tor. It's an obvious place that three-letter agencies would be looking. If I drive down Crack Avenue with a busted taillight, I *expect* that police will be patrolling the area and probably pull me over. It would, imho, be silly to think that authorities aren't patrolling the digital equivalent of Crack Avenue.

    • You can't trust anybody, not even Tor. I'm afraid this one looks like a lost cause. I wouldn't use the damn thing.

      Which is precisely the goal of tampering and interfering with TOR network operations. To cast doubt upon it, to make it less attractive. I really don't think it has much to do with wanting to snoop, as it is to make people think they're being snooped on and to destabilize the service entirely. Seems like it's fairly effective so far too!

      This is a beautiful piece of social engineering by those who want TOR to go away. Well played.

      • I'm fine with that. Exposing actual flaws is always a good thing. The reasons aren't important. It just means we have to do better. I feel the same about publicly available encryption in general. I don't believe it is secure beyond what the script kiddies can do. And even the hardware itself is pretty leaky. So, just like the old days, the Sunday classifieds are still the best way to get a message out. The idea of *trust no one* is as old as the hills. Some things will never change, no matter how glitzy the

      • by gweihir ( 88907 )

        This is a beautiful piece of social engineering by those who want TOR to go away. Well played.

        Indeed. It is a classical attack: Make people mistrust the secure tools and have them use less secure tools instead. Works on many people, unfortunately.

        • Once again, Tor is proven to be insecure. No social engineering is needed. Which means that more secure tools are needed. That is the direction to move in.

          • by gweihir ( 88907 )

            You really have no clue what is going on. Fascinating.

            In the same venue: Cars are insecure (they crash on occasion and kill people), food is insecure, water is insecure. According to your logic we need to drop all these.

            • Your opinion is noted. I can only say that's a horrible analogy, but carry on.

              For everybody else, some cars are more dangerous than others. I would recommend you don't drive them. In some places (Flint, Michigan, maybe, possibly?) the water is poison. Anyone who says to drink it anyway.. well, let's just say wouldn't be very nice. Spoiled food? I hope that goes without saying, but in today's world you never know, considering this last response I received above.

              • by gweihir ( 88907 )

                My point is that both more secure alternatives (which have however consistently failed to materialize in any real-world deployed form, and the whole idea of anonymous networking is now something like 20 years old) and improving TOR security are both valid options. Given that TOR is already there and works and its weak points are already pretty well understood, the second seems to be the by far better option. Also note that the TOR project has long since said that hidden services need work, but that they wou

    • by AHuxley ( 892839 )
      Recall the origins and past funding of Onion routing https://en.wikipedia.org/wiki/... [wikipedia.org] i.e. US needed a system that would allow US backed and funded dissidents globally to network for color revolutions https://en.wikipedia.org/wiki/... [wikipedia.org] and other long term political NGO work.
      5 eye nations did not seem to be very upset with its spread and use with systems like Tempora https://en.wikipedia.org/wiki/... [wikipedia.org]. Federal funding at a police level in the US to track users goes from success to success even on low budget
      • That appears to be part of the problem. Not only does it stand out like the proverbial sore thumb, only the people who feel a real need are using it, making it easy to spot. We need something that blends in better, so we don't have to consider the percentage of people using it. The only thing that comes to mind for now is that steganography thing, and don't try to hide anything more complex than tiny text files.

        • by AHuxley ( 892839 )
          Nations can now afford to reconcile most of their users' internet patterns over time. If that fails, just induce random network drops to see who falls off the network over a few 10's, hundred or 1000 interesting users per city and provider.
          If most of a nation's users are just surfing, using web 2.0, doing other tasks, getting a short list of people who went looking for software would not be too hard.
    • by antdude ( 79039 )

      "Trust no one." --The X-Files. :(

  • by Anonymous Coward

    Think about it. There are 196 countries in the world, all of which have police and most of which have intelligence agencies. Some hidden services have a legitimate use such as encrypted chat, but many of them are used as C&C for botnets by various criminals and for fun hackers, some of which have an interest in figuring out what the others' hidden services are doing. And then there are private security researchers.

    Overall, there is plenty of interest in snooping on Tor hidden services...

  • Scale? (Score:2, Insightful)

    by Anonymous Coward

    110 out of a population of how many hidden service directories? 25% of nodes also claimed to be exits.. How many exits are there?

    A feel for how significant this problem is would be nice.

  • What really matters is what percentage of nodes are compromised, and whether the rest of us reading Slashdot right now can fix this issue forever by each just enabling a few new clean exit nodes?
